Re: [PATCH net v2 0/2] nfc: llcp: two fixes for nfc_llcp_getsockopt()

Next message: Jonathan Cameron: "Re: [PATCH] iio: core: fix uninitialized data in debugfs"
Previous message: Breno Leitao: "Re: [PATCH] tpm: cap tpm_buf_append() at TPM_BUFSIZE, not PAGE_SIZE"
In reply to: Simon Horman: "Re: [PATCH net v2 0/2] nfc: llcp: two fixes for nfc_llcp_getsockopt()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Breno Leitao

Date: Tue May 26 2026 - 14:28:06 EST

Hello Simon,

On Tue, May 26, 2026 at 06:33:51PM +0000, Simon Horman wrote:
> > Changes in v2:
> > - Guard the length check against negative optlen (Simon Horman / sashiko).
> > - Add patch 2: move llcp_sock->local read inside lock_sock(sk) to close
> > a UAF race with llcp_sock_bind() (Simon Horman / sashiko).
> > - Link to v1: https://patch.msgid.link/20260513-fix_llc-v1-1-33c76f931ff6@xxxxxxxxxx
>
> Thanks for the update.
>
> There is an AI-generated review of this patch on sashiko.dev.
> It looks like it flags pre-existing issue that doesn't directly
> impact the intent of this patch-set. So I don't believe it should delay
> progress of this patch-set.

Agree, and looking at what sashiko raised, it seems reasonable, I would
say the state check in llcp_sock_connect() is incomplete, and
llcp_sock_connect() should refuse non-LLCP_CLOSED states.

I will send an independent patch later, if we don't hear any concern
from anyone else.

Thanks for the review,
--breno